Firefox 93 for Android becomes system-wide password manager

Martin Brinkmann
Oct 2, 2021
Firefox
|
31

The upcoming Firefox 93 web browser for Android may be used as a system-wide password manager by its users. Up until now, passwords saved in the browser were restricted for use in the browser. If you saved a Reddit or Amazon password in Firefox, you could open Reddit's or Amazon's website to sign-in automatically using the saved data.

What you could not do until now was launch the Reddit or Amazon application on the Android device and expect to be signed-in automatically. A password manager was required for that functionality.

Starting in Firefox 93 for Android, out on October 5, 2021, Firefox users may use the browser's password manager to sign-in to any application on the device.

firefox system wide password manager android

If a password is saved in Firefox 93 or newer, Firefox users may select the account credentials to sign-in to an application on the device. For example: with Instagram credentials saved in Firefox, Firefox may suggest to use the saved credentials when a user opens the sign-in page in the Instagram application.

A small change in the browser's settings is required to enable the new functionality. Select the three-dots menu icon in Firefox and then Settings from the context menu. On the main Settings page, select Logins and password. Locate the "Autofill in other apps" option and toggle it so that it is set to on. Android displays a prompt to pick a compatible application for autofilling passwords on the device system-wide. Select Firefox and you are all set on the device.

Saved passwords may then be used to sign-in to applications on the device. The username field displays account suggestions and also an option to search Firefox; the latter is useful if the correct account was not selected by Firefox automatically.

firefox 93 android passwords autofill system wide

With sync enabled in Firefox, Firefox will synchronize all user credentials to other Firefox installations, provided that the same account is used on these devices.

Firefox 93 includes a new option to save passwords manually. All it takes is to type the site URL, username and password, to save the credentials in the browser. These may then be used to sign-in on websites in Firefox, but also in applications on the Android device.

Select Menu > Settings > Logins and passwords > Saved logins, type the Android Pin, and use the new "add login" option on the page that opens to add a new site to Firefox's password manager manually.

Check out the full blog post on Mozilla's website.

Closing Words

Firefox is not the only Android browser that can act as a system-wide password manager. Chrome and Edge, among others, may also be set up to fill out passwords automatically on Android.

Now You: do you use a password manager on your mobile devices?

Summary
Firefox 93 for Android becomes system-wide password manager
Article Name
Firefox 93 for Android becomes system-wide password manager
Description
The upcoming Firefox 93 web browser for Android may be used as a system-wide password manager by its users.
Author
Publisher
Ghacks Technology News
Logo
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. OccamsRazor said on October 4, 2021 at 6:17 pm
    Reply

    @Iron Heart,

    Thanks for the reply on @Yash’s behalf. >Do you think you are any less unique than you were before? No.
    Obviously it’s one of my concerns.

    Also I am aware of your opinion on these things. I value your feedback on posts as well as other commenters, however, I asked Yash because no offense, i wanted someones opinion who uses Firefox.
    If I had a question on Brave or Chromium forks, of course I’d ask you.

    muahzies.

    1. Iron Heart said on October 5, 2021 at 8:28 am
      Reply

      @OccamsRazor

      My comment wasn’t related to Chromium, it was related to Firefox. You can’t reduce your uniqueness by changing some about:config settings here and there, in a way inconsistent with what others do.

      The only way to “win” here is for all browsers to behave similarly, and in order to achieve that, the browser has to come preconfigured by default and users must NOT touch its settings or install any add-on that interacts with websites in a detectable manner. The only Firefox-based browser for which this is the case is the Tor Browser Bundle. So, you want to beat fingerprinting efforts directed against you and use something Firefox-based? Use Tor. Anything else is nonsense.

      As for Mull, yes, it comes preconfigured, but the crowd using it is far too small to matter. How many users does it have? 500? 1000? You need a sizable crowd to hide in, millions and millions of users. Only Tor can provide that for you.

  2. OccamsRazor said on October 4, 2021 at 4:37 pm
    Reply

    @Yash,

    Thank you for the useful comment on how to add custom add-ons to android. Quick question though, since Firefox for Android does not provide some of these add-ons by default, are they detectable and does it make you more unique?

    I use Mull on android which applies the Ghacks user.js, but I almost do not want to use anything but ublock origin for this concern. Your thoughts?

    1. Yash said on October 4, 2021 at 9:07 pm
      Reply

      1. “Thank you for the useful comment on how to add custom add-ons to android.”

      2. “since Firefox for Android does not provide some of these add-ons by default, are they detectable and does it make you more unique?”

      3. “I use Mull on android which applies the Ghacks user.js, but I almost do not want to use anything but ublock origin for this concern. Your thoughts?”

      1. Thanks stranger from a stranger.

      2. Here’s a comparison – This is the Google search link for keyword gHacks when I’m using ClearURL – https://www.google.com/search?q=ghacks

      And this is without using ClearURL – https://www.google.com/search?q=ghacks&source=hp&oq=ghacks&gs_l=mobile-heirloom-hp.3..0i512l5.1985.3372.0.3857.7.6.0.1.1.0.299.1225.1j2j3.6.0….0…1c.1.34.mobile-heirloom-hp..3.4.630.o6movCujTNs
      In the second link I used smartphone on purpose.

      Unless you use an extension which either is way too specific in its working like Privacy Badger in learning mode which can reveal your browsing pattern or you make it specific by going overboard with filter lists in adblocker which may reveal your country through a language, you’re safe. ClearURL as shown above isn’t specific in its working so even if a website knows you’re using it through link changes, nothing else there to blow your cover.

      Main purpose of RFP is to make all user look similar. So don’t worry about using an add-on which is not among default Firefox for Android, as long as it doesn’t interfere with RFP.

      3. I use Mull browser too since it became available in main F-Droid repo. Extensions I use are – uBO, ClearURL, Https Everywhere, uMatrix. In desktop I would add Temporary Container too. Every extension has its own purpose, and more importantly they don’t interfere with RFP. They handle different tracking things which makes web look clean to me than it is.

      1. Iron Heart said on October 5, 2021 at 8:36 am
        Reply

        @Yash

        Joke of a reply, as expected from you.

        > or you make it specific by going overboard with filter lists in adblocker which may reveal your country through a language, you’re safe.

        1) uBlock’s behavioral patterns can be detected no matter which lists you use.

        2) Your country can be guessed from filter lists (don’t think so, if you use your country-specific filter list along with other language’s filter lists for cover), but it can also be guessed via your IP address (unless VPN) or via the set language of your browsers, and yes, websites can request and detect the language set.

        > ClearURL as shown above isn’t specific in its working so even if a website knows you’re using it through link changes, nothing else there to blow your cover.

        Dude, ClearURLs is active at the network level, it doesn’t interfere with rendering. It is safe to use no matter what, and is not detectable (short of an extension ID leak, which would be a browser bug affecting any and all extensions).

        > Main purpose of RFP is to make all user look similar.

        RFP is meant for Tor where the browser comes preconfigured and is not supposed to be touched by you. It is not meant for custom Firefox setups that are most of the time unique.

        > I use Mull browser too since it became available in main F-Droid repo. Extensions I use are – uBO, ClearURL, Https Everywhere, uMatrix. In desktop I would add Temporary Container too.

        Mull users are too few to matter (no real crowd building) and you piled on extension after extension, some of which are detectable. Happy uniqueness.

      2. Yash said on October 5, 2021 at 10:33 am
        Reply

        1. “1) uBlock’s behavioral patterns can be detected no matter which lists you use.”

        2. a) Your country can be guessed from filter lists (don’t think so, if you use your country-specific filter list along with other language’s filter lists for cover), b) but it can also be guessed via your IP address (unless VPN) or c) via the set language of your browsers, and yes, websites can request and detect the language set.”

        3. “Dude, ClearURLs is active at the network level, it doesn’t interfere with rendering. It is safe to use no matter what, and is not detectable (short of an extension ID leak, which would be a browser bug affecting any and all extensions).”

        1. First uBlock Origin can’t be detected in Firefox, only its filter list can be detected. But then that’s the case for any other adblocker, even for Brave browser.
        Plus I made it clear when saying ‘specific’ but okay here we go one more time – As long as you use filter list that are available default in uBlock Origin, you’re safe, as there will be no behavioral patterns.

        2. a) What you said is true, and that’s what I meant when I wrote specific. If someone select multiple language filters, nothing to worry about.
        b) It can be guessed via IP address – correct but that’s true for any browser except Tor.
        c) That’s not the case with RFP.

        3. A website can detect a change in incoming link done by ClearURL. However it isn’t specific in its working so nothing to worry about. That’s the point I made. So what you wrote is essentially same as what I said. Bottom line is – ClearURL can be used.

        Finally our views towards RFP are contrasting to say the least. So let’s save the trouble of writing multiple comments. I use it and will, and I’m enjoying it.

    2. Iron Heart said on October 4, 2021 at 6:06 pm
      Reply

      @OccamsRazor

      So, you are one of what, 500 people who have applied that user.js on Android / using Mull (it is still detectable that you are using Android, btw)? Do you think you are any less unique now than you were before? You are still sticking out wherever you go. And yes, piling on any extension that interacts with websites in any way is making you even more unique.

      Now clueless @Yash can answer, I said what I had to say.

  3. Peter said on October 3, 2021 at 2:42 pm
    Reply

    WHY!? Why can’t Moxilla just stop adding dumb features, that no one asked for? How can this incredibly simple thing be so incredibly hard for them? Mozilla reminds me of the Deep Blue Sea parody episode of American Dad where Stan can’t accept that he is bad at making decision and keeps bungling everything up with his ill-conceived solutions: https://www.youtube.com/watch?v=BPeRbz20pWc

    1. matthiew said on October 4, 2021 at 3:38 am
      Reply

      You’re a fool if you can’t see the value in this feature.

      1. Iron Heart said on October 4, 2021 at 2:55 pm
        Reply

        @matthiew

        Mozilla usurps the functionality of better suited apps tailored to the purpose. How is that useful? The only reason why they do this is users now getting redirected to Firefox more than before. Pathetic.

      2. matthiew said on October 5, 2021 at 3:53 am
        Reply

        @Iron Heart

        You don’t know what you’re talking about. Try reading the article before you spout your nonsense in the comments. What you wrote is completely false and really stupid part is if you had read what Martin wrote above you would know that.

      3. corpo said on October 12, 2021 at 10:59 pm
        Reply

        @matthiew

        Not too long ago the password generation was crap, deterministically regenerated exactly the same for the same site per user. Who knows if its improved or the weakness obfuscated. They being able to regenerate the same pass from maybe a profile id or something sent via telemetry is a bit worrying.

        Knowing that their head techy once famously tried to help the nsa backdoor cryptography standards, and they employed someone from the cia to head up ‘trust and security’, im not inclined to trust mozillas motives here as with the countless other weird decisions and f-ups: like sending dns data to cloudflare in the usa or freely giving google your web browsing and download info.

        The odd maneuvering and mere possibility of finally farming passwords (or providing the capability to some 3rd party) should be enough to sketch anyone out. The belief of it or lies in denial of it are irrelevent after the act.

  4. Anonymous said on October 3, 2021 at 9:19 am
    Reply

    Isn’t this functionality achieved with the standalone Firefox Lockwise app?

    What’s the point of that app then, will it be discontinued? Or have duplicated functionality? Granted It’s rough around the edges and needs some love, but I honestly prefer a standalone password manager.

    I see this as a step backward.

    1. Martin Brinkmann said on October 3, 2021 at 9:31 am
      Reply

      I read somehwere, can’t remember, that Mozilla put the app on hold and will focus on the integration in Firefox.

  5. magic trick said on October 3, 2021 at 7:34 am
    Reply

    Pen –> Paper –> Safe

  6. Fatfox said on October 2, 2021 at 8:55 pm
    Reply

    I’m confused! Should a browser act as a system-wide password manager? Systemfox’s really digging deep into systems such as Windows and Android. Maybe we’ll update our browser to a virus scanner someday in the future. Who knows?

  7. Anonymous said on October 2, 2021 at 6:16 pm
    Reply

    Keep all your passwords safe, centralize them online on a US server !

  8. GoodMeasure said on October 2, 2021 at 5:56 pm
    Reply

    Does Firefox for Android allow add-ons/extensions again yet? Sorry, I have not been paying attention out of frustration. Does any Android based browser support add-ons?

    I am still using F-Droid’s Fennec 68.12.0esr. It is pretty old now, but still works. I am using NetGuard Paid as a firewall that works pretty well and supports system wide block lists for ads and stuff.

    I don’t do sensitive stuff on the phone, but would like something a little more secure with better bookmark features and add-on support.

    1. mozilla-google said on October 3, 2021 at 1:03 pm
      Reply

      safari 15 ios

    2. ehelldane said on October 2, 2021 at 7:05 pm
      Reply

      I’m running uBlock Origin AdBlock in the FF for Android app I’m also using to type this out. I didn’t know FF ever didn’t allow mobile add-ons, was that a recent or an older thing? I’m not sure mine is up to date.

    3. Yash said on October 2, 2021 at 6:18 pm
      Reply

      Download latest version of Fennec from F-Droid. Go to Settings > About Fennec > Tap on Fennec name/logo multiple times until it says Debug menu enabled. Then hit back button, and tap on Custom Add-on collection. Now you can add any add-on collection, you can use Iceraven one or Ghacks one or this one which I made – https://addons.mozilla.org/en-US/firefox/collections/16921559/Privacy-Add-ons/
      You need to type Privacy-Add-ons in Collection owner, 16921559 in Collection name, and there you have it – more add-ons than what are currently available. If your favourite add-on is not available in this collection, you can make a custom one for your needs too.

      Custom add-on feature is available in Iceraven(actually it has more add-ons anyway), Fennec, Mull, Firefox Nightly.

      Kiwi – Chromium browser support add-ons, only Chromium browser to do so in Android.

      1. GoodMeasure said on October 3, 2021 at 5:52 pm
        Reply

        Thanks for the replies everyone.

        I had not heard of Iceraven Browser. I looked at it and it sounds interesting. It appears to be a fork of Fenix, trying to add privacy and add-ons. It would appear it is not ready for F-Droid yet, but they do have over 260 (automated) releases.

        How functional is it? Is it close to being “ready”?

        This website should do a “best current and future Android browser” article, but include add-on support and security/privacy.

      2. nc said on October 7, 2021 at 1:25 am
        Reply

        Just a fyi, Fenix and the iceraven fork have google datacollection about your surfing and downloads, unable to turn it off. Avoid.
        The main fenix line is quite tweak-and-addon-restricted, has sponsorships, google trackers, marketing data, all that scummy stuff.

        Go with Bromite, no sus partnerships or ads, telemetry, google chatter, going on under the hood.

      3. John said on October 3, 2021 at 6:26 pm
        Reply

        @goodmeasure: I’ve been using Iceraven since the beginning over a year ago. It became my default browser very quickly and I haven’t had any significant problems.

        I consider it stable and ready.

        The reason it’s not in F-Droid is that the browser currently only has one developer with limited time to devote to the project, had no prior experience getting F-Droid apps approved, and decided to focus on the browser instead of the delivery system when he ran into issues with F-Droid’s build system. He’s said that though he is not actively working on getting the browser into F-Droid anymore, he would hypothetically be willing to accept a pull request from an outside coder who made the necessary alterations, and then submit it to F-Droid himself.

        In the meantime, F-Droid users can download and update Iceraven through F-Droid’s FFUpdater app (Which handles a bunch of different web browsers and related software) if they prefer that to directly manually downloading each release from Iceraven’s GitHub page.

  9. Henk said on October 2, 2021 at 4:38 pm
    Reply

    There is no way I will ever trust a browser to hold on to any of my passwords, let alone sync them in the cloud, and even less so on my phone. I use KeePass, a dedicated offline password manager. So KeePass is what I use on my phone too (in the form of the KeePass2Android app).
    Then how do I keep my well-encrypted passwords file up to date? Well manually, by copying it once every few weeks straight from desktop-to-phone: a little more effort that buys me (I hope) just a little more security.
    Of course I am aware that my browser will still occasionally, when I enter a password, send it on to the website that wants it for login. That’s why I use only encrypted VPN connections. On my phone, too.
    And yes, I know that even this way it’s still not 100% safe. Full online safety just doesn’t exist. But still we can try…

    1. Anonymous said on October 3, 2021 at 3:44 pm
      Reply

      Check out Syncthing for encrypted FOSS for keeping all your devices in sync

    2. ehelldane said on October 2, 2021 at 6:53 pm
      Reply

      I use a similar offline pass keeper. If ur database is encrypted like mine, I suggest storing it in a cloud sync folder, that is left on on ur PC, and then just manually copy it from there on ur mobile occasionally, or when u need it.

      U could maybe sync to ur mobile live too, and edit on either device; but I don’t need to edit mine on mobile personally, so I open it read only. And I probably only need to update it to get a new password once every few/several months.

      Point is, there are easier ways than, say, manually plugging in ur phone to ur PC. And having it in the coud means it’s accesible remotely.

      1. Anon said on October 3, 2021 at 10:58 pm
        Reply

        KeepassDX is where it’s at.

      2. Henk said on October 3, 2021 at 1:57 pm
        Reply

        Yes in theory you’re right, of course. But (admittedly maybe I’m a bit weird) I refuse to install cloud services such as Dropbox on my phone, because such syncing apps can (and will) open online connections at all times and places, without me as user being in full control about what data are transmitted.
        Btw, for the same reason I blocked internet access for all apps on my phone, except those that actually need to go online to function. There are so many apps that for all kinds of unclear reasons demand and use internet access, while in fact they turn out to function just as well when restricted to being offline.
        And of course I removed and disabled as many Google functions as is actually possible and feasible on an actively used Android phone…

    3. Juraj said on October 2, 2021 at 4:55 pm
      Reply

      Firefox is using End-to-End encryption. So they don’t have access to your passwords because the data are encrypted on your device before they are synced. This means that even if they get hacked, your data are still safe.
      https://hacks.mozilla.org/2018/11/firefox-sync-privacy/

      It’s all open source (unlike Chrome) so anyone capable can verify anytime.
      I would say Firefox Sync. and all features that use is – like the password manager – is one of the best things about Firefox.

  10. Yash said on October 2, 2021 at 3:59 pm
    Reply

    Use a dedicated password manager folks, not any browser level manager or Google account saved password feature. Dedicated password managers especially open-source are much better.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.